def __init__(self): # Instantiate the connector helper from config config_file_path = os.path.dirname(os.path.abspath(__file__)) + "/config.yml" config = ( yaml.load(open(config_file_path), Loader=yaml.SafeLoader) if os.path.isfile(config_file_path) else {} ) self.helper = OpenCTIConnectorHelper(config) self.confidence_level = get_config_variable( "CONNECTOR_CONFIDENCE_LEVEL", ["connector", "confidence_level"], config ) self.api_key = get_config_variable( "MALBEACON_API_KEY", ["malbeacon", "api_key"], config ) self.author = self.helper.api.identity.create( name="Malbeacon", type="Organization", description="""The first system of its kind, MalBeacon implants \ beacons via malware bot check-in traffic. Adversaries conducting \ campaigns in the wild who are logging in to these malware C2 \ panels can now be tracked. MalBeacon is a tool for the good guys \ that provides additional intelligence on attack attribution.""", update=True, )
def __init__(self): # Instantiate the connector helper from config config_file_path = "{}/config.yml".format( os.path.dirname(os.path.abspath(__file__))) config = (yaml.load(open(config_file_path), Loader=yaml.FullLoader) if os.path.isfile(config_file_path) else {}) self.helper = OpenCTIConnectorHelper(config) # Connector Config self.confidence_level = get_config_variable( "CONNECTOR_CONFIDENCE_LEVEL", ["connector", "confidence_level"], config, isNumber=True, ) self.update_data = get_config_variable( "CONNECTOR_UPDATE_EXISTING_DATA", ["connector", "update_existing_data"], config, ) # CYBERCRIME-TRACKER.NET Config self.feed_url = get_config_variable("CYBERCRIMET_RACKER_FEED_URL", ["cybercrime-tracker", "feed_url"], config) self.connector_tlp = get_config_variable("CYBERCRIME_TRACKER_TLP", ["cybercrime-tracker", "tlp"], config) self.interval = get_config_variable( "CYBERCRIMETRACKER_INTERVAL", ["cybercrime-tracker", "interval"], config, isNumber=True, )
def __init__(self): # Instantiate the connector helper from config config_file_path = os.path.dirname( os.path.abspath(__file__)) + "/config.yml" config = (yaml.load(open(config_file_path), Loader=yaml.FullLoader) if os.path.isfile(config_file_path) else {}) self.helper = OpenCTIConnectorHelper(config) # Extra config self.mitre_enterprise_file_url = get_config_variable( "MITRE_ENTERPRISE_FILE_URL", ["mitre", "enterprise_file_url"], config) self.mitre_pre_attack_file_url = get_config_variable( "MITRE_PRE_ATTACK_FILE_URL", ["mitre", "pre_attack_file_url"], config) self.mitre_mobile_attack_file_url = get_config_variable( "MITRE_MOBILE_ATTACK_FILE_URL", ["mitre", "mobile_attack_file_url"], config) self.mitre_interval = get_config_variable("MITRE_INTERVAL", ["mitre", "interval"], config, True) self.update_existing_data = get_config_variable( "CONNECTOR_UPDATE_EXISTING_DATA", ["connector", "update_existing_data"], config, )
def __init__(self): # Instantiate the connector helper from config config_file_path = os.path.dirname(os.path.abspath(__file__)) + "/config.yml" config = ( yaml.load(open(config_file_path)) if os.path.isfile(config_file_path) else {} ) self.interval = 1 # 1 Day interval between each scraping self.helper = OpenCTIConnectorHelper(config) # Extra config self.confidence_level = get_config_variable( "CONNECTOR_CONFIDENCE_LEVEL", ["connector", "confidence_level"], config, ) self.MALPEDIA_API = get_config_variable( "MALPEDIA_API", ["malpedia", "MALPEDIA_API"], config ) self.AUTH_KEY = get_config_variable( "AUTH_KEY", ["malpedia", "AUTH_KEY"], config ) self.need_update = True self.last_update = 0 self.api_call = { "API_CHECK_APIKEY": "check/apikey", "API_GET_VERSION": "get/version", "API_GET_FAMILIES": "get/families", "API_LIST_ACTORS": "list/actors", "API_GET_FAMILY": "get/family/", "API_LIST_FAMILIES": "list/families", "API_GET_YARA": "get/yara/", 'API_LIST_SAMPLES': 'list/samples/', }
def __init__(self): # Instantiate the connector helper from config config_file_path = os.path.dirname(os.path.abspath(__file__)) + "/config.yml" config = ( yaml.load(open(config_file_path), Loader=yaml.FullLoader) if os.path.isfile(config_file_path) else {} ) self.helper = OpenCTIConnectorHelper(config) # Extra config self.cve_import_history = get_config_variable( "CVE_IMPORT_HISTORY", ["cve", "import_history"], config, False ) self.cve_nvd_data_feed = get_config_variable( "CVE_NVD_DATA_FEED", ["cve", "nvd_data_feed"], config ) self.cve_history_data_feed = get_config_variable( "CVE_HISTORY_DATA_FEED", ["cve", "history_data_feed"], config ) self.cve_interval = get_config_variable( "CVE_INTERVAL", ["cve", "interval"], config, True ) self.update_existing_data = get_config_variable( "CONNECTOR_UPDATE_EXISTING_DATA", ["connector", "update_existing_data"], config, )
def __init__(self): # Instantiate the connector helper from config config_file_path = os.path.dirname( os.path.abspath(__file__)) + "/config.yml" config = (yaml.load(open(config_file_path), Loader=yaml.FullLoader) if os.path.isfile(config_file_path) else {}) self.helper = OpenCTIConnectorHelper(config) # Extra config self.urlhaus_csv_url = get_config_variable("URLHAUS_CSV_URL", ["urlhaus", "csv_url"], config) self.urlhaus_import_offline = get_config_variable( "URLHAUS_IMPORT_OFFLINE", ["urlhaus", "import_offline"], config, False, True) self.urlhaus_interval = get_config_variable("URLHAUS_INTERVAL", ["urlhaus", "interval"], config, True) self.update_existing_data = get_config_variable( "CONNECTOR_UPDATE_EXISTING_DATA", ["connector", "update_existing_data"], config, ) self.identity = self.helper.api.identity.create( type="Organization", name="Abuse.ch", description= "abuse.ch is operated by a random swiss guy fighting malware for non-profit, running a couple of projects helping internet service providers and network operators protecting their infrastructure from malware.", )
def __init__(self): # Instantiate the connector helper from config config_file_path = Path( __file__).parent.parent.resolve() / "config.yml" config = (yaml.load(open(config_file_path, encoding="utf8"), Loader=yaml.FullLoader) if config_file_path.is_file() else {}) self.helper = OpenCTIConnectorHelper(config) self.base_url = get_config_variable("RISKIQ_BASE_URL", ["riskiq", "base_url"], config) self.interval_sec = get_config_variable("RISKIQ_INTERVAL_SEC", ["riskiq", "interval_sec"], config) user = get_config_variable("RISKIQ_USER", ["riskiq", "user"], config) password = get_config_variable("RISKIQ_PASSWORD", ["riskiq", "password"], config) # Create the author for all reports. self.author = Identity( name=self._DEFAULT_AUTHOR, identity_class="organization", description= " RiskIQ is a cyber security company based in San Francisco, California." " It provides cloud - based software as a service(SaaS) for organizations" " to detect phishing, fraud, malware, and other online security threats.", confidence=self.helper.connect_confidence_level, ) # Initialization of the client self.client = RiskIQClient(self.base_url, user, password)
def __init__(self): # Instantiate the connector helper from config config_file_path = os.path.dirname( os.path.abspath(__file__)) + "/config.yml" config = (yaml.load(open(config_file_path), Loader=yaml.FullLoader) if os.path.isfile(config_file_path) else {}) self.helper = OpenCTIConnectorHelper(config) self.import_as_pdf = get_config_variable( "IMPORT_EXTERNAL_REFERENCE_IMPORT_AS_PDF", ["import_external_reference", "import_as_pdf"], config, False, True, ) self.import_as_md = get_config_variable( "IMPORT_EXTERNAL_REFERENCE_IMPORT_AS_MD", ["import_external_reference", "import_as_md"], config, False, True, ) self.import_pdf_as_md = get_config_variable( "IMPORT_EXTERNAL_REFERENCE_IMPORT_PDF_AS_MD", ["import_external_reference", "import_pdf_as_md"], config, False, True, ) self.headers = { "User-Agent": "Mozilla/5.0 (Windows NT 6.1; Win64; x64)" }
def __init__(self): # Instantiate the connector helper from config config_file_path = os.path.dirname( os.path.abspath(__file__)) + "/config.yml" config = (yaml.load(open(config_file_path), Loader=yaml.FullLoader) if os.path.isfile(config_file_path) else {}) self.helper = OpenCTIConnectorHelper(config) # Extra config self.cyber_threat_coalition_interval = get_config_variable( "CYBER_THREAT_COALITION_INTERVAL", ["cyber-threat-coalition", "interval_sec"], config, True, ) self.cyber_threat_coalition_base_url = get_config_variable( "CYBER_THREAT_COALITION_BASE_URL", ["cyber-threat-coalition", "base_url"], config, False, ) self.cyber_threat_coalition_create_indicators = get_config_variable( "CYBER_THREAT_COALITION_CREATE_INDICATORS", ["cyber-threat-coalition", "create_indicators"], config, ) self.cyber_threat_coalition_create_observables = get_config_variable( "CYBER_THREAT_COALITION_CREATE_OBSERVABLES", ["cyber-threat-coalition", "create_observables"], config, ) self.update_existing_data = get_config_variable( "CONNECTOR_UPDATE_EXISTING_DATA", ["connector", "update_existing_data"], config, )
def __init__(self): # Instantiate the connector helper from config config_file_path = os.path.dirname( os.path.abspath(__file__)) + "/config.yml" config = (yaml.load(open(config_file_path), Loader=yaml.FullLoader) if os.path.isfile(config_file_path) else {}) self.helper = OpenCTIConnectorHelper(config) # Extra config self.vxvault_url = get_config_variable("VXVAULT_URL", ["vxvault", "url"], config) self.vxvault_interval = get_config_variable("VXVAULT_INTERVAL", ["vxvault", "interval"], config, True) self.create_indicators = get_config_variable( "VXVAULT_CREATE_INDICATORS", ["vxvault", "create_indicators"], config, False, True, ) self.update_existing_data = get_config_variable( "CONNECTOR_UPDATE_EXISTING_DATA", ["connector", "update_existing_data"], config, ) self.identity = self.helper.api.identity.create( type="Organization", name="VX Vault", description= "VX Vault is providing URLs of potential malicious payload.", )
def __init__(self): # get config variable config_file_path = os.path.dirname( os.path.abspath(__file__)) + "/config.yml" config = (yaml.load(open(config_file_path, Loader=yaml.FullLoader)) if os.path.isfile(config_file_path) else {}) self.helper = OpenCTIConnectorHelper(config) self.update_existing_data = get_config_variable( "UPDATE_EXISTING_DATA", ["connector", "update_existing_data"], config) self.interval_scan = get_config_variable( "INTERVAL_SCAN", ["internal_import", "interval_scan"], config) self._data_path = os.path.dirname(os.path.abspath(__file__)) + "/data" self.identity = self.helper.api.identity.create( name="Internal Collector", type="Organization", description="Importing internal data from CSV file", ) self.markingDefinitions = self.helper.api.marking_definition.create( definition_type="tlp", definition="TLP:WHITE") self.tag = self.helper.api.tag.create(tag_type="Internal-Import", value="internal-importer", color="#2e99db") self.tagFE = self.helper.api.tag.create(tag_type="Internal-Import", value="FireEye", color="#fb4d28") self.filename = ""
def __init__(self): # Instantiate the connector helper from config config_file_path = os.path.dirname( os.path.abspath(__file__)) + "/config.yml" config = (yaml.load(open(config_file_path), Loader=yaml.FullLoader) if os.path.isfile(config_file_path) else {}) self.helper = OpenCTIConnectorHelper(config) # Extra config self.amitt_file_url = get_config_variable("AMITT_FILE_URL", ["amitt", "amitt_file_url"], config) self.pre_amitt_file_url = get_config_variable( "PRE_AMITT_FILE_URL", ["amitt", "pre_amitt_file_url"], config) self.amitt_interval = get_config_variable("AMITT_INTERVAL", ["amitt", "interval"], config, True) self.update_existing_data = get_config_variable( "CONNECTOR_UPDATE_EXISTING_DATA", ["connector", "update_existing_data"], config, ) # Create the corresponding identity self.helper.api.identity.create( stix_id="identity--c9c1a598-7d0e-42fa-b8ec-e42c3de95ae4", type="Organization", name="CogSec", description= "A nonprofit that helps specialists form teams to combat disinformation.", ) self.helper.api.marking_definition.create( stix_id="marking-definition--8c9e2257-1c62-4ff0-9de0-1deed93cf282", definition_type="statement", definition="Copyright 2021, CogSec.", )
def __init__(self): # Instantiate the connector helper from config config_file_path = os.path.dirname( os.path.abspath(__file__)) + "/config.yml" config = (yaml.load(open(config_file_path), Loader=yaml.FullLoader) if os.path.isfile(config_file_path) else {}) self.helper = OpenCTIConnectorHelper(config) # ExportReportPdf specific config settings self.primary_color = get_config_variable( "EXPORT_REPORT_PDF_PRIMARY_COLOR", ["export_report_pdf", "primary_color"], config, ) self.secondary_color = get_config_variable( "EXPORT_REPORT_PDF_SECONDARY_COLOR", ["export_report_pdf", "secondary_color"], config, ) self.set_colors() self.company_address_line_1 = get_config_variable( "EXPORT_REPORT_PDF_COMPANY_ADDRESS_LINE_1", ["export_report_pdf", "company_address_line_1"], config, ) self.company_address_line_2 = get_config_variable( "EXPORT_REPORT_PDF_COMPANY_ADDRESS_LINE_2", ["export_report_pdf", "company_address_line_2"], config, ) self.company_address_line_3 = get_config_variable( "EXPORT_REPORT_PDF_COMPANY_ADDRESS_LINE_3", ["export_report_pdf", "company_address_line_3"], config, ) self.company_phone_number = get_config_variable( "EXPORT_REPORT_PDF_COMPANY_PHONE_NUMBER", ["export_report_pdf", "company_phone_number"], config, ) self.company_email = get_config_variable( "EXPORT_REPORT_PDF_COMPANY_EMAIL", ["export_report_pdf", "company_email"], config, ) self.company_website = get_config_variable( "EXPORT_REPORT_PDF_COMPANY_WEBSITE", ["export_report_pdf", "company_website"], config, ) self.indicators_only = get_config_variable( "EXPORT_REPORT_PDF_INDICATORS_ONLY", ["export_report_pdf", "indicators_only"], config, ) self.defang_urls = get_config_variable( "EXPORT_REPORT_PDF_DEFANG_URLS", ["export_report_pdf", "defang_urls"], config, )
def __init__(self): # Instantiate the connector helper from config config_file_path = os.path.dirname( os.path.abspath(__file__)) + "/config.yml" config = (yaml.load(open(config_file_path), Loader=yaml.FullLoader) if os.path.isfile(config_file_path) else {}) self.helper = OpenCTIConnectorHelper(config) self.api_key = get_config_variable("HYBRID_ANALYSIS_TOKEN", ["hybrid_analysis", "api_key"], config) self.environment_id = get_config_variable( "HYBRID_ANALYSIS_ENVIRONMENT_ID", ["hybrid_analysis", "environment_id"], config, True, 110, ) self.max_tlp = get_config_variable("HYBRID_ANALYSIS_MAX_TLP", ["hybrid_analysis", "max_tlp"], config) self.api_url = "https://www.hybrid-analysis.com/api/v2" self.headers = { "api-key": self.api_key, "user-agent": "OpenCTI Hybrid Analysis Connector - Version 4.5.5", "accept": "application/json", } self.identity = self.helper.api.identity.create( type="Organization", name="Hybrid Analysis", description="Hybrid Analysis Sandbox.", )["standard_id"] self._CONNECTOR_RUN_INTERVAL_SEC = 60 * 60
def __init__(self): """Read in config variables""" config_file_path = os.path.dirname(os.path.abspath(__file__)) config_file_path += "/config.yml" config = ( yaml.load(open(config_file_path), Loader=yaml.FullLoader) if os.path.isfile(config_file_path) else {} ) self.helper = OpenCTIConnectorHelper(config) username = get_config_variable( "TAXII2_USERNAME", ["taxii2", "username"], config ) password = get_config_variable( "TAXII2_PASSWORD", ["taxii2", "password"], config ) server_url = get_config_variable( "TAXII2_DISCOVERY_URL", ["taxii2", "discovery_url"], config ) self.verify_ssl = get_config_variable( "VERIFY_SSL", ["taxii2", "verify_ssl"], config, default=True ) # if V21 flag set to true if get_config_variable("TAXII2_V21", ["taxii2", "v2.1"], config, default=True): self.server = tx21.Server( server_url, user=username, password=password, verify=self.verify_ssl ) else: self.server = tx20.Server( server_url, user=username, password=password, verify=self.verify_ssl ) self.collections = get_config_variable( "TAXII2_COLLECTIONS", ["taxii2", "collections"], config ).split(",") self.initial_history = get_config_variable( "TAXII2_INITIAL_HISTORY", ["taxii2", "initial_history"], config, True ) self.per_request = get_config_variable( "TAXII2_PER_REQUEST", ["taxii2", "per_request"], config, True ) self.interval = get_config_variable( "TAXII2_INTERVAL", ["taxii2", "interval"], config, True, 1 ) self.update_existing_data = get_config_variable( "CONNECTOR_UPDATE_EXISTING_DATA", ["connector", "update_existing_data"], config, )
def __init__(self): """Read in config variables""" config_file_path = os.path.dirname(os.path.abspath(__file__)) config_file_path += "/config.yml" config = (yaml.load(open(config_file_path), Loader=yaml.FullLoader) if os.path.isfile(config_file_path) else {}) self.helper = OpenCTIConnectorHelper(config) self.cape_api_url = get_config_variable("CAPE_API_URL", ["cape", "api_url"], config) self.cape_url = get_config_variable("CAPE_BASE_URL", ["cape", "base_url"], config) self.EnableNetTraffic = get_config_variable( "CAPE_ENABLE_NETWORK_TRAFFIC", ["cape", "enable_network_traffic"], config, default=False, ) self.EnableRegKeys = get_config_variable( "CAPE_ENABLE_REGISTRY_KEYS", ["cape", "enable_registry_keys"], config, default=False, ) self.verify_ssl = get_config_variable("VERIFY_SSL", ["cape", "verify_ssl"], config, default=True) self.interval = get_config_variable("CAPE_INTERVAL", ["cape", "interval"], config, True, 30) self.start_id = get_config_variable("CAPE_START_TASK_ID", ["cape", "start_task_id"], config, True, 0) self.report_score = get_config_variable("CAPE_REPORT_SCORE", ["cape", "report_score"], config, True, 0) self.create_indicators = get_config_variable( "CAPE_CREATE_INDICATORS", ["cape", "create_indicators"], config) self.update_existing_data = get_config_variable( "CONNECTOR_UPDATE_EXISTING_DATA", ["connector", "update_existing_data"], config, ) self.cape_api: cuckoo = cuckoo(self.helper, self.cape_api_url, self.verify_ssl)
def __init__(self): config_file_path = os.path.dirname( os.path.abspath(__file__)) + "/config.yml" config = (yaml.load(open(config_file_path), Loader=yaml.FullLoader) if os.path.isfile(config_file_path) else {}) self.helper = OpenCTIConnectorHelper(config) self.lastinfosec_cti_url = "https://api.client.lastinfosec.com/v2/stix21/getbyminutes/{}?api_key={}&headers=false&platform=opencti" self.lastinfosec_cve_url = "https://api.client.lastinfosec.com/v2/stix21/vulnerabilities/getlasthour?api_key={}&headers=false&platform=opencti" self.lastinfosec_tactic_url = "https://api.client.lastinfosec.com/v2/stix21/tactic/getlast24hour?api_key={}&headers=false&platform=opencti" self.lastinfosec_apikey = get_config_variable( "CONFIG_LIS_APIKEY", ["lastinfosec", "api_key"], config) self.lastinfosec_cti_enabled = get_config_variable( "CONFIG_LIS_CTI_ENABLED", ["lastinfosec", "cti", "is_enabled"], config) self.lastinfosec_cti_interval = get_config_variable( "CONFIG_LIS_CTI_INTERVAL", ["lastinfosec", "cti", "interval"], config) self.lastinfosec_cve_enabled = get_config_variable( "CONFIG_LIS_CVE_ENABLED", ["lastinfosec", "cve", "is_enabled"], config) self.lastinfosec_tactic_enabled = get_config_variable( "CONFIG_LIS_TACTIC_ENABLED", ["lastinfosec", "tactic", "is_enabled"], config) self.opencti_url = get_config_variable("OPENCTI_URL", ["opencti", "url"], config) self.opencti_id = get_config_variable("OPENCTI_TOKEN", ["opencti", "token"], config) self.update_existing_data = get_config_variable( "OPENCTI_UPDATE_EXISTING_DATA", ["connector", "update_existing_data"], config) self.proxy_http = get_config_variable("PROXY_HTTP", ["opencti", "proxy_http"], config) self.proxy_https = get_config_variable("PROXY_HTTPS", ["opencti", "proxy_https"], config) total_enabled = 0 if self.lastinfosec_cti_enabled: total_enabled += 1 if self.lastinfosec_cve_enabled: total_enabled += 1 if self.lastinfosec_tactic_enabled: total_enabled += 1 if total_enabled == 0: raise Exception("You must enable one feed") elif total_enabled > 1: raise Exception("You can enable only one feed per connector") self.api = OpenCTIApiClient(self.opencti_url, self.opencti_id)
def __init__(self): # Instantiate the connector helper from config config_file_path = os.path.dirname(os.path.abspath(__file__)) + '/config.yml' config = yaml.load(open(config_file_path), Loader=yaml.FullLoader) if os.path.isfile(config_file_path) else {} self.helper = OpenCTIConnectorHelper(config) # Extra config self.misp_url = get_config_variable('MISP_URL', ['misp', 'url'], config) self.misp_key = get_config_variable('MISP_KEY', ['misp', 'key'], config) self.misp_ssl_verify = get_config_variable('MISP_SSL_VERIFY', ['misp', 'ssl_verify'], config) self.misp_create_report = get_config_variable('MISP_CREATE_REPORTS', ['misp', 'create_reports'], config) self.misp_report_class = get_config_variable( 'MISP_REPORT_CLASS', ['misp', 'report_class'], config ) or 'MISP Event' self.misp_import_from_date = get_config_variable('MISP_IMPORT_FROM_DATE', ['misp', 'import_from_date'], config) self.misp_import_tags = get_config_variable('MISP_IMPORT_TAGS', ['misp', 'import_tags'], config) self.misp_interval = get_config_variable('MISP_INTERVAL', ['misp', 'interval'], config, True) self.update_existing_data = get_config_variable( 'CONNECTOR_UPDATE_EXISTING_DATA', ['connector', 'update_existing_data'], config ) # Initialize MISP self.misp = ExpandedPyMISP(url=self.misp_url, key=self.misp_key, ssl=self.misp_ssl_verify, debug=False)
def __init__(self): # Instantiate the connector helper from config config_file_path = os.path.dirname( os.path.abspath(__file__)) + '/config.yml' config = yaml.load(open(config_file_path), Loader=yaml.FullLoader ) if os.path.isfile(config_file_path) else {} self.helper = OpenCTIConnectorHelper(config) self.token = get_config_variable('IPINFO_TOKEN', ['ipinfo', 'token'], config) self.max_tlp = get_config_variable('IPINFO_MAX_TLP', ['ipinfo', 'max_tlp'], config)
def __init__(self): # Instantiate the connector helper from config config_file_path = os.path.dirname( os.path.abspath(__file__)) + "/config.yml" config = (yaml.load(open(config_file_path), Loader=yaml.FullLoader) if os.path.isfile(config_file_path) else {}) self.helper = OpenCTIConnectorHelper(config) self.token = get_config_variable("IPINFO_TOKEN", ["ipinfo", "token"], config) self.max_tlp = get_config_variable("IPINFO_MAX_TLP", ["ipinfo", "max_tlp"], config)
def __init__(self, conf_data): config_file_path = os.path.dirname( os.path.abspath(__file__)) + "/config.yml" config = (yaml.load(open(config_file_path), Loader=yaml.FullLoader) if os.path.isfile(config_file_path) else conf_data) self.helper = OpenCTIConnectorHelper(config) # Extra config self.backup_protocol = get_config_variable("BACKUP_PROTOCOL", ["backup", "protocol"], config) self.backup_path = get_config_variable("BACKUP_PATH", ["backup", "path"], config)
def __init__(self): # Instantiate the connector helper from config config_file_path = os.path.dirname( os.path.abspath(__file__)) + "/config.yml" config = (yaml.load(open(config_file_path), Loader=yaml.SafeLoader) if os.path.isfile(config_file_path) else {}) self.helper = OpenCTIConnectorHelper(config) self.api_key = get_config_variable("ABUSEIPDB_API_KEY", ["abuseipdb", "api_key"], config) self.max_tlp = get_config_variable("ABUSEIPDB_MAX_TLP", ["abuseipdb", "max_tlp"], config) self.whitelist_label = self.helper.api.label.create(value="whitelist", color="#4caf50")
def __init__(self): # Instantiate the connector helper from config config_file_path = os.path.dirname(os.path.abspath(__file__)) + '/config.yml' config = yaml.load(open(config_file_path), Loader=yaml.FullLoader) if os.path.isfile(config_file_path) else {} self.helper = OpenCTIConnectorHelper(config) # Extra config self.cve_nvd_data_feed = get_config_variable('CVE_NVD_DATA_FEED', ['cve', 'nvd_data_feed'], config) self.cve_interval = get_config_variable('CVE_INTERVAL', ['cve', 'interval'], config, True) self.update_existing_data = get_config_variable( 'CONNECTOR_UPDATE_EXISTING_DATA', ['connector', 'update_existing_data'], config )
def __init__(self): # Instantiate the connector helper from config config_file_path = os.path.dirname(os.path.abspath(__file__)) + "/config.yml" config = ( yaml.load(open(config_file_path), Loader=yaml.FullLoader) if os.path.isfile(config_file_path) else {} ) self.helper = OpenCTIConnectorHelper(config) # Extra config self.threatmatch_url = get_config_variable( "THREATMATCH_URL", ["threatmatch", "url"], config ) self.threatmatch_client_id = get_config_variable( "THREATMATCH_CLIENT_ID", ["threatmatch", "client_id"], config ) self.threatmatch_client_secret = get_config_variable( "THREATMATCH_CLIENT_SECRET", ["threatmatch", "client_secret"], config ) self.threatmatch_interval = get_config_variable( "THREATMATCH_INTERVAL", ["threatmatch", "interval"], config, True, 5 ) self.threatmatch_import_from_date = get_config_variable( "THREATMATCH_IMPORT_FROM_DATE", ["threatmatch", "import_from_date"], config ) self.threatmatch_import_profiles = get_config_variable( "THREATMATCH_IMPORT_PROFILES", ["threatmatch", "import_profiles"], config, False, True, ) self.threatmatch_import_alerts = get_config_variable( "THREATMATCH_IMPORT_ALERTS", ["threatmatch", "import_alerts"], config, False, True, ) self.threatmatch_import_reports = get_config_variable( "THREATMATCH_IMPORT_REPORTS", ["threatmatch", "import_reports"], config, False, True, ) self.update_existing_data = get_config_variable( "CONNECTOR_UPDATE_EXISTING_DATA", ["connector", "update_existing_data"], config, ) self.identity = self.helper.api.identity.create( type="Organization", name="Security Alliance", description="Security Alliance is a cyber threat intelligence product and services company, formed in 2007.", )
def __init__(self): config_file_path = os.path.dirname( os.path.abspath(__file__)) + "/config.yml" config = (yaml.load(open(config_file_path), Loader=yaml.SafeLoader) if os.path.isfile(config_file_path) else {}) self.helper = OpenCTIConnectorHelper(config) # Extra config self.remote_opencti_url = get_config_variable( "REMOTE_OPENCTI_URL", ["remote_opencti", "url"], config) self.remote_opencti_token = get_config_variable( "REMOTE_OPENCTI_TOKEN", ["remote_opencti", "token"], config) self.remote_opencti_events = get_config_variable( "REMOTE_OPENCTI_EVENTS", ["remote_opencti", "events"], config).split(",")
def __init__(self): # Instantiate the connector helper from config config_file_path = os.path.dirname( os.path.abspath(__file__)) + "/../config.yml" config = (yaml.load(open(config_file_path), Loader=yaml.FullLoader) if os.path.isfile(config_file_path) else {}) # Extra config self.confidence_level = get_config_variable( "CONNECTOR_CONFIDENCE_LEVEL", ["connector", "confidence_level"], config, isNumber=True, ) self.update_existing_data = get_config_variable( "CONNECTOR_UPDATE_EXISTING_DATA", ["connector", "update_existing_data"], config, ) self.API_KEY = get_config_variable("VALHALLA_API_KEY", ["valhalla", "api_key"], config) self.INTERVAL_SEC = get_config_variable( "VALHALLA_INTERVAL_SEC", ["valhalla", "interval_sec"], config, isNumber=True, ) self.helper = OpenCTIConnectorHelper(config) self.helper.log_info(f"loaded valhalla config: {config}") # If we run without API key we can assume all data is TLP:WHITE else we # default to TLP:AMBER to be safe. if self.API_KEY == "" or self.API_KEY is None: self.default_marking = self.helper.api.marking_definition.read( id=TLP_WHITE["id"]) self.valhalla_client = ValhallaAPI() else: self.default_marking = self.helper.api.marking_definition.read( id=TLP_AMBER["id"]) self.valhalla_client = ValhallaAPI(api_key=self.API_KEY) self.knowledge_importer = KnowledgeImporter( self.helper, self.confidence_level, self.update_existing_data, self.default_marking, self.valhalla_client, )
def __init__(self) -> None: # Instantiate the connector helper from config base_path = os.path.dirname(os.path.abspath(__file__)) config_file_path = base_path + "/../config.yml" config = (yaml.load(open(config_file_path), Loader=yaml.FullLoader) if os.path.isfile(config_file_path) else {}) self.helper = OpenCTIConnectorHelper(config) self.create_indicator = get_config_variable( "IMPORT_DOCUMENT_CREATE_INDICATOR", ["import_document", "create_indicator"], config, ) # Load Entity and Observable configs observable_config_file = base_path + "/config/observable_config.ini" entity_config_file = base_path + "/config/entity_config.ini" if os.path.isfile(observable_config_file) and os.path.isfile( entity_config_file): self.observable_config = self._parse_config( observable_config_file, Observable) else: raise FileNotFoundError(f"{observable_config_file} was not found") if os.path.isfile(entity_config_file): self.entity_config = self._parse_config(entity_config_file, EntityConfig) else: raise FileNotFoundError(f"{entity_config_file} was not found")
def __init__(self): # Instantiate the connector helper from config config_file_path = os.path.dirname(os.path.abspath(__file__)) + "/config.yml" config = ( yaml.load(open(config_file_path), Loader=yaml.FullLoader) if os.path.isfile(config_file_path) else {} ) self.helper = OpenCTIConnectorHelper(config) self.create_indicator = get_config_variable( "PDF_OBSERVABLES_CREATE_INDICATOR", ["pdf_observables", "create_indicator"], config, ) self.types = { "MD5": "File.hashes.MD5", "SHA1": "File.hashes.SHA-1", "SHA256": "File.hashes.SHA-256", "Filename": "File.name", "IP": "IPv4-Addr.value", "DomainName": "Domain-Name.value", # Directory is not yet fully functional # "Directory": "Directory.path", "URL": "Url.value", "Email": "Email-Addr.value", "CVE": "Vulnerability.name", "Registry": "Windows-Registry-Key.key", }
def __init__(self): # Instantiate the connector helper from config config_file_path = os.path.dirname( os.path.abspath(__file__)) + "/config.yml" config = (yaml.load(open(config_file_path), Loader=yaml.FullLoader) if os.path.isfile(config_file_path) else {}) self.helper = OpenCTIConnectorHelper(config) self.api_url = "https://api.client.lastinfosec.com/v2" self.lastinfosec_apikey = get_config_variable( "CONFIG_LIS_APIKEY_CTI", ["lastinfosec", "api_key_cti"], config) self.proxy_http = get_config_variable("PROXY_HTTP", ["opencti", "proxy_http"], config) self.proxy_https = get_config_variable("PROXY_HTTPS", ["opencti", "proxy_https"], config)
def __init__(self): # Instantiate the connector helper from config config_file_path = os.path.dirname( os.path.abspath(__file__)) + "/config.yml" config = (yaml.load(open(config_file_path), Loader=yaml.FullLoader) if os.path.isfile(config_file_path) else {}) self.helper = OpenCTIConnectorHelper(config) self.identity = self.helper.api.identity.create( type="Organization", name="UnpacMe", description="UnpacMe", )["standard_id"] self.octi_api_url = get_config_variable("OPENCTI_URL", ["opencti", "url"], config) # Get URL and private from config, use to instantiate the client user_agent = get_config_variable( "UNPAC_ME_USER_AGENT", ["unpac_me", "user_agent"], config, ) api_key = get_config_variable( "UNPAC_ME_API_KEY", ["unpac_me", "api_key"], config, ) self.private = get_config_variable( "UNPAC_ME_PRIVATE", ["unpac_me", "private"], config, ) self.unpacme_client = UnpacMeApi(api_key=api_key, user_agent=user_agent) # Other config settings self.family_color = get_config_variable( "UNPAC_ME_FAMILY_COLOR", ["unpac_me", "family_color"], config, ) self.default_tag_color = get_config_variable( "UNPAC_ME_FAMILY_COLOR", ["unpac_me", "tag_color"], config, ) self.less_noise = get_config_variable( "UNPAC_ME_LESS_NOISE", ["unpac_me", "less_noise"], config, ) self.max_tlp = get_config_variable( "UNPAC_ME_MAX_TLP", ["unpac_me", "max_tlp"], config, )